From patchwork Mon Apr 9 10:53:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 133021 Delivered-To: patch@linaro.org Received: by 10.46.84.29 with SMTP id i29csp128173ljb; Mon, 9 Apr 2018 03:53:46 -0700 (PDT) X-Google-Smtp-Source: AIpwx4//mIASvCe4cNsgyGIatiI7ST5bQ5B450xavGN4CdwhC44GY1eFOlW1zQdmbvq0IWtr9h8x X-Received: by 10.99.149.21 with SMTP id p21mr24745864pgd.154.1523271226261; Mon, 09 Apr 2018 03:53:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523271226; cv=none; d=google.com; s=arc-20160816; b=SwkHQsfYkNAFd3KYax6c9+W9lwf4406C+1gCKQpLUY38K5v/CaItVT87Di316nhgot 9Dsn7BBhhH8gHNCMdya/scKxNKkEhO+5l3OopkYSObBBwQgbWNwS1/pBcKC187sA1seB bI217D62PLQMJb7++p+lxoZ1cfDdUETBD1GjBa7rjBTXOjtAeWWsNyXFKIC2rHhzKzOI 01RBRLLUr/VGDl7AxuvQfNX5D6CB/efkPp7ab9IbYeh5rke3DGlrNoa88vpejKIM/TNC +uVifpDIrvXbDhSvNMHGOVf6H37frpRZKHIbyblwP0qmP/cVVPVm03GddV8yfJeFLcSC JevA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :arc-authentication-results; bh=GeK+QJ8gAPykM20ZPrN+R354pKgIBLVem9mYFhOvPqA=; b=x6MfV0R0LySNiAMQRZLfaQOVjaiGVcLgDQ6iceVdIB3SQoHtlzPd28Dgjjv0w2Gs2N HkpQAPQMv331KtbneAOgh2yNiTvl0TnUVfXVvtffIWZJwddO9HGy+AdbjwDciVZ0O4rn 7llHT3v7Nwy7LfaCIQvKXlqzCmR3DT7Z0XTVNaaNaFQaG6VTm7Iqayt/G0+FUeTP0dxy pUf584FUIkNNptLQesFQYqkQsCPRT/SMnvFvcN5QJaj6AqUTZoVJuogxDoOLHI+Oyro0 pO5wNSYezOEKgxkiMN01pR3/6TldU9FPdQfotz+4U8iGliqMalUFu7cPElrfs6d29qAG i+tQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t8-v6si56028plq.668.2018.04.09.03.53.46; Mon, 09 Apr 2018 03:53:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752202AbeDIKxn (ORCPT + 29 others); Mon, 9 Apr 2018 06:53:43 -0400 Received: from mout.kundenserver.de ([217.72.192.73]:54211 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751348AbeDIKxk (ORCPT ); Mon, 9 Apr 2018 06:53:40 -0400 Received: from wuerfel.lan ([95.208.111.237]) by mrelayeu.kundenserver.de (mreue103 [212.227.15.145]) with ESMTPA (Nemesis) id 0M8opw-1fDEBW2OBo-00C9Ca; Mon, 09 Apr 2018 12:53:26 +0200 From: Arnd Bergmann To: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal , "David S. Miller" Cc: Arnd Bergmann , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] netfilter: fix CONFIG_NF_REJECT_IPV6=m link error Date: Mon, 9 Apr 2018 12:53:12 +0200 Message-Id: <20180409105322.2247296-1-arnd@arndb.de> X-Mailer: git-send-email 2.9.0 X-Provags-ID: V03:K1:btH1Cdz37R37KARWxeqWNXXIwjLcCfPVVNqoAo+99UtIK86Xh7j nOoKME0F4akaLyLbkHkC1zl5NMcadcX0wup1EwL9sSoDD2GLz/04cGAZ+ERLmzQJ8B87N1K Luvkjoa2gLsGv3SQ9+feOd/OeeqPtbNTWbEYegBGJoAtfo1OxQvTTC1pZYo3AeeZSGAqAPR xeU+D4v+inykUHj01hfVg== X-UI-Out-Filterresults: notjunk:1; V01:K0:CCsT0xQQrY8=:3C6niA5EehETLpYu3ajn+m ON2SVz445B3n6a6cAKLgg+luXX6UNmFjzgVKne3LKWtYqc2v8I5J/CXjzS3HCvBw8Lu+mpjDn aeXZX5nNxK0oDnYBr8dRmDxXwhdnRoZ6a4j2XNllO4NXV/HaEC79GYybLezG2dejJNkPlXAQj Mw3T2gckXYOplBUIzqSgFqg5cxNkg5uYjkePX4kk/zzqrZssoIEWGXYc2izmEiWU0HkthtWnl RRmLdswlCel8B7jlHVzJMICWW7RUR1G+x5rJfBJJLzAjZFZhcUt75fEuyt/VHATiVfWv9Iw6t 9qBVWY530vdwwI5gVd6Y2ANPH9yftc5UV9tQuFkuwNbyemmdtlyrZChrZ3qaZcJSzsO0IX7UF 82RnhLBDnP2VBobZuiQlKxFYyy1JXND6c0qPRgtfoxadBxp52VbmIJ0mbUKyQMl4BYqgVq37D aCptaeIvmIYtRPjx4J58amhEdxuDqM+IH9sT7GTFfE/KIfbLPkGyd03Me6i9PL+/bkMKCjjiA pw1mlWWxh7XoPdy5oWQXwuV7HTf3BTFVfbV+G4l2Pq5luyH9QwTjD3SFshp8u4xtxt9syDsxN p1Tdr+ES3shUoV7cZ70w+ZhQzv6+ZUQEh+7CE6Z1j2zrrxt2jM7GsugnGDW1L3RCT2PotCV4R u/SaPfPqvWG18ClHgrs0ZmlT10ZGPxXZ6yJUZWFZcPTY6xZ/V8Pk469a1AIOmoVr/rxW6uPGa MjqckEPgVJV1Rx1iRHVXqd5sBJQr1i5WYHjr+Q== Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org We get a new link error with CONFIG_NFT_REJECT_INET=y and CONFIG_NF_REJECT_IPV6=m after larger parts of the nftables modules are linked together: net/netfilter/nft_reject_inet.o: In function `nft_reject_inet_eval': nft_reject_inet.c:(.text+0x17c): undefined reference to `nf_send_unreach6' nft_reject_inet.c:(.text+0x190): undefined reference to `nf_send_reset6' The problem is that with NF_TABLES_INET set, we implicitly try to use the ipv6 version as well for NFT_REJECT, but when CONFIG_IPV6 is set to a loadable module, it's impossible to reach that. The best workaround I found is to express the above as a Kconfig dependency, forcing NFT_REJECT itself to be 'm' in that particular configuration. Fixes: 02c7b25e5f54 ("netfilter: nf_tables: build-in filter chain type") Signed-off-by: Arnd Bergmann --- net/netfilter/Kconfig | 1 + 1 file changed, 1 insertion(+) -- 2.9.0 Reported-by: Arnd Bergmann Signed-off-by: Pablo Neira Ayuso diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index 704b3832dbad..44d8a55e9721 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig @@ -594,6 +594,7 @@ config NFT_QUOTA config NFT_REJECT default m if NETFILTER_ADVANCED=n tristate "Netfilter nf_tables reject support" + depends on !NF_TABLES_INET || (IPV6!=m || m) help This option adds the "reject" expression that you can use to explicitly deny and notify via TCP reset/ICMP informational errors